Cybersecurity Governance News – 2/26/16
Ensuring cybersecurity is relevant and important to everyone in your organization, not just the IT department, is a challenge.
eSecurity Planet, Feb. 22
“Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies.”
“I’ve been in boardroom meetings where as soon as the CISO’s metrics presentation flashed on screen, eyes rolled heavenward and email was surreptitiously checked… you need a mix of time-based, results-based and forward-looking metrics to explain your InfoSec posture and avoid the rolling eyes in the boardroom.”
JDSupra Business Advisor, Feb. 23
Cybersecurity is a matter of corporate governance. Corporate governance should be at the core of a meaningful cybersecurity framework. The FDIC explains that “[a] bank should evaluate and manage cyber risk as it does any other business risk.”
Harvard Business Review, Feb. 19
The sense one gets from all of this is not of finding a right side and a wrong side, or winners and losers, but rather, the commencement of one of the most important public debates around technology’s and technology companies’ roles in a society committed to protecting citizens from terrorism and other threats.
BankInfo Security, Feb. 18
DHS has issued four guideline documents that, in the words of Secretary Jeh Johnson, “provide federal agencies and the private sector with a clear understanding of how to share cyberthreat indicators.”